rpm package
suse/wget&distro=SUSE Linux Enterprise Server for SAP Applications 12 SP1
pkg:rpm/suse/wget&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1
Vulnerabilities (7)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2019-5953 | — | < 1.14-21.10.1 | 1.14-21.10.1 | May 17, 2019 | Buffer overflow in GNU Wget 1.20.1 and earlier allows remote attackers to cause a denial-of-service (DoS) or may execute an arbitrary code via unspecified vectors. | ||
| CVE-2017-13090 | Hig | 8.8 | < 1.14-21.3.1 | 1.14-21.3.1 | Oct 27, 2017 | The retr.c:fd_read_body() function is called when processing OK responses. When the response is sent chunked in wget before 1.19.2, the chunk parser uses strtol() to read each chunk's length, but doesn't check that the chunk length is a non-negative number. The code then tries to | |
| CVE-2017-13089 | Hig | 8.8 | < 1.14-21.3.1 | 1.14-21.3.1 | Oct 27, 2017 | The http.c:skip_short_body() function is called in some circumstances, such as when processing redirects. When the response is sent chunked in wget before 1.19.2, the chunk parser uses strtol() to read each chunk's length, but doesn't check that the chunk length is a non-negative | |
| CVE-2017-6508 | Med | 6.1 | < 1.14-20.1 | 1.14-20.1 | Mar 7, 2017 | CRLF injection vulnerability in the url_parse function in url.c in Wget through 1.19.1 allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in the host subcomponent of a URL. | |
| CVE-2016-7098 | Hig | 8.1 | < 1.14-17.1 | 1.14-17.1 | Sep 26, 2016 | Race condition in wget 1.17 and earlier, when used in recursive or mirroring mode to download a single file, might allow remote servers to bypass intended access list restrictions by keeping an HTTP connection open. | |
| CVE-2016-4971 | Hig | 8.8 | < 1.14-10.3 | 1.14-10.3 | Jun 30, 2016 | GNU wget before 1.18 allows remote servers to write to arbitrary files by redirecting a request from HTTP to a crafted FTP resource. | |
| CVE-2015-2059 | — | < 1.14-10.3 | 1.14-10.3 | Aug 12, 2015 | The stringprep_utf8_to_ucs4 function in libin before 1.31, as used in jabberd2, allows context-dependent attackers to read system memory and possibly have other unspecified impact via invalid UTF-8 characters in a string, which triggers an out-of-bounds read. |
- CVE-2019-5953May 17, 2019affected < 1.14-21.10.1fixed 1.14-21.10.1
Buffer overflow in GNU Wget 1.20.1 and earlier allows remote attackers to cause a denial-of-service (DoS) or may execute an arbitrary code via unspecified vectors.
- affected < 1.14-21.3.1fixed 1.14-21.3.1
The retr.c:fd_read_body() function is called when processing OK responses. When the response is sent chunked in wget before 1.19.2, the chunk parser uses strtol() to read each chunk's length, but doesn't check that the chunk length is a non-negative number. The code then tries to
- affected < 1.14-21.3.1fixed 1.14-21.3.1
The http.c:skip_short_body() function is called in some circumstances, such as when processing redirects. When the response is sent chunked in wget before 1.19.2, the chunk parser uses strtol() to read each chunk's length, but doesn't check that the chunk length is a non-negative
- affected < 1.14-20.1fixed 1.14-20.1
CRLF injection vulnerability in the url_parse function in url.c in Wget through 1.19.1 allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in the host subcomponent of a URL.
- affected < 1.14-17.1fixed 1.14-17.1
Race condition in wget 1.17 and earlier, when used in recursive or mirroring mode to download a single file, might allow remote servers to bypass intended access list restrictions by keeping an HTTP connection open.
- affected < 1.14-10.3fixed 1.14-10.3
GNU wget before 1.18 allows remote servers to write to arbitrary files by redirecting a request from HTTP to a crafted FTP resource.
- CVE-2015-2059Aug 12, 2015affected < 1.14-10.3fixed 1.14-10.3
The stringprep_utf8_to_ucs4 function in libin before 1.31, as used in jabberd2, allows context-dependent attackers to read system memory and possibly have other unspecified impact via invalid UTF-8 characters in a string, which triggers an out-of-bounds read.